THE SQL Server Blog Spot on the Web

Welcome to SQLblog.com - The SQL Server blog spot on the web Sign in | |
in Search

Browse by Tags

All Tags » Security   (RSS)
Showing page 5 of 5 (42 total posts)
  • Call a spade a spade! (SQL injection, or IIS vulnerability?)

    In a recent blog post, Dancho Danchev mis-labeled a recent IIS vulnerability as a ''massive SQL injection attack.'' Let's be honest here.  Yes, this alert needs attention.  But this is not a new SQL injection vulnerability.  It is simply an exploit in IIS that lets malicious users access your source code.  If your database is ...
    Posted to Aaron Bertrand (Weblog) by AaronBertrand on April 26, 2008
  • Xp_cmdshell and permissions

    This blog post was inspired from a newsgroup discussion. The question basically is:What do you need to do in order to use xp_cmdshell? Note that there are obvious security implications of doing this. (I'm not recommending usage of xp_cmdshell in general, this is a technical blog post!) We first need to think about what happens here, from an ...
    Posted to Tibor Karaszi (Weblog) by TiborKaraszi on August 23, 2007
Privacy Statement